IEEE/ACM TRANSACTIONS ON NETWORKING, VOL. 26, NO. 2, … · IEEE/ACM TRANSACTIONS ON NETWORKING,...

IEEE/ACM TRANSACTIONS ON NETWORKING, VOL. 26, NO. 2, APRIL 2018 835

Encoding Short Ranges in TCAM WithoutExpansion: Efficient Algorithm and Applications

Anat Bremler-Barr, Member, IEEE, Yotam Harchol , Member, IEEE,David Hay, Member, IEEE, and Yacov Hel-Or, Member, IEEE

Abstract— We present range encoding with no expansion(RENÉ)— a novel encoding scheme for short ranges on Ternarycontent addressable memory (TCAM), which, unlike previous solu-tions, does not impose row expansion, and uses bits proportionallyto the maximal range length. We provide theoretical analysis toshow that our encoding is the closest to the lower bound ofnumber of bits used. In addition, we show several applicationsof our technique in the field of packet classification, and also,how the same technique could be used to efficiently solve otherhard problems, such as the nearest-neighbor search problemand its variants. We show that using TCAM, one could solvesuch problems in much higher rates than previously suggestedsolutions, and outperform known lower bounds in traditionalmemory models. We show by experiments that the translationprocess of RENÉ on switch hardware induces only a negligible2.5% latency overhead. Our nearest neighbor implementation ona TCAM device provides search rates that are up to four ordersof magnitude higher than previous best prior-art solutions.

Index Terms— Computer networks, switching systems, infor-mation retrieval, search methods, nearest neighbor search.

I. INTRODUCTION

TERNARY content addressable memories (TCAMs) havebecome highly popular in networking equipment and

network processing units. TCAMs are used for high-speed IP lookup and packet classification in switches androuters [1], [2]. Software defined networking (SDN) schemessuch as OpenFlow [3] rely on TCAM as the main hardwarefor their data path. TCAM was also suggested to be usedfor other computationally intensive tasks such as patternmatching [4], [5], heavy-hitters detection [6], and similaritysearch in databases [7].

TCAM is an associative memory module. It is composedof an array of ternary words, each consisting of ternary digits,namely: 0, 1, or *. The ‘*’ digits serve as ‘wild cards’ that canbe matched with either ‘0’ or ‘1’. Given a query word, TCAMreturns the first location in the memory array that matches thequery. This process is illustrated in Figure 1.

Manuscript received June 14, 2017; revised September 26, 2017; acceptedJanuary 19, 2018; approved by IEEE/ACM TRANSACTIONS ON NETWORK-ING Editor Y. Ganjali. Date of publication February 5, 2018; date ofcurrent version April 16, 2018. This work was supported in part by theEuropean Research Council under the European Union’s Seventh FrameworkProgramme FP7/2007-2013/ERC under Grant 259085 and in part by theIsraeli Centers of Research Excellence Program under Center 4/11. Partialand preliminary versions of this paper appeared in ACM DaMoN 2015 andACM SPAA 2016. (Corresponding author: Yotam Harchol.)

A. Bremler-Barr and Y. Hel-Or are with the Interdisciplinary CenterHerzliya, School of Computer Science, Herzliya 46150, Israel.

Y. Harchol is with the Electrical Engineering and Computer ScienceDepartment, University of California at Berkeley, Berkeley, CA 94720 USA(e-mail: [email protected]).

D. Hay is with the School of Computer Science and Engineering, TheHebrew University of Jerusalem, Jerusalem 91904, Israel.

Digital Object Identifier 10.1109/TNET.2018.2797690

Fig. 1. Diagram of the TCAM lookup process. The query is compared toall entries in parallel and the index of the first matching entry is used to findthe result.

Multi-field packet classification is becoming more and moreimportant in modern network architectures, such as SDNand network function virtualization (NFV) [8]. Specifically,recently suggested SDN frameworks perform more networkfunctionalities on switches, such as load balancing [9], DDoSprevention [10], and quality of service (QoS) [11]. The initia-tive for NFV suggests to implement higher level tasks suchas deep packet inspection and caching as virtual softwareservices, and make traffic flow through them using smartclassification rules. All such frameworks heavily rely on multi-field packet classification. Many of these fields are betterexpressed as ranges.

While TCAMs become more and more popular, it is stilla hard problem to efficiently represent range rules on suchmemories. Over the last decade there has been an intense lineof research on range encoding on TCAM [12]–[24]. Asidefrom propositions to rearchitect TCAM devices to nativelysupport range rules [13], these solutions can roughly be clas-sified as either database-independent or database-dependentencoding schemes. Database-independent schemes encode allpossible ranges using the same technique, thus allowing fasthot updates [12], [14], [15]. However, these schemes useexponential TCAM row expansion, where a row is expandedinto several rows, exponentially to the number of range fieldsin it.

Database-dependent schemes trades the hot updates flexi-bility for more compact codes [17], [20], but usually performswell only when the number of encoded ranges is small, as theproduced code is proportional to the number of ranges indatabase. Database-dependent schemes do not scale for largenumber of ranges, as we show in Section IV-A. Therefore, thispaper focuses on a database-independent approach.

In this paper we present a database-independent rangeencoding scheme, called RENÉ - Range Encoding with NoExpansion - that eliminates row expansion completely whenranges are short enough. The code produced by RENÉ isproportional to the maximal range length, not to the number

1063-6692 © 2018 IEEE. Personal use is permitted, but republication/redistribution requires IEEE permission.See http://www.ieee.org/publications_standards/publications/rights/index.html for more information.

https://orcid.org/0000-0002-0659-7800

836 IEEE/ACM TRANSACTIONS ON NETWORKING, VOL. 26, NO. 2, APRIL 2018

Fig. 2. Toy example: A binary-reflected Gray code (BRGC) encoding tree and the encoding of ranges [5− 8] and [7, 10] using our scheme. In this example,maximal range length is 4. Ranges are divided into layers of non-overlapping ranges. Two layers contain only ranges that can be encoded using Gray codeand therefore are not shown. Containing range [4, 11] is encoded based on the BRGC values, which forms the first left four bits. Extra bits correspond tolayers: Fifth bit to layer L1 and sixth bit to layer L3. If a range belongs to a layer, then the value of the bit corresponding to that layer is the binary valueof the range for this layer. Otherwise, that bit is set to ‘*’. The total number of bits is proportional to the maximal encoded length and is independent of thenumber of encoded ranges.

of ranges, as in database-dependent schemes. In many cases,as we show in this paper, ranges are limited in length. Forexample, it was shown in [15] that in real-life packet classifi-cation tables more than 60% of the TCP port ranges are short.Moreover, packet classification also uses other range fields,where all ranges are short (such as IP ToS or TTL). On somefields one may apply quantization and categorization to reducethe length of ranges without hurting classification accuracy(e.g. packet length). Nonetheless, RENÉ can be combined withother approaches to represent a wider spectrum of ranges ifnecessary.

In addition to packet-classification, where TCAM hasalready been selected as de-facto industry standard, we pro-pose in this paper using a TCAM as a co-processor to CPU inorder to solve hard problems from other domains in computerscience. Specifically, we show how an encoding scheme suchas RENÉ, which requires no row expansion, can be used topractically and efficiently solve the nearest neighbor searchproblem and its variants, removing the infamous curse ofdimensionality from them.

Multidimensional nearest neighbor search (NN) lies atthe core of many computer science applications. Given adatabase of objects and a query, we wish to find the objectin the database most similar to the query object. Commonly,the objects are mapped to points in high-dimensional metricspace. In this context, given a query point q ∈ R

d and aset of points S = {pi}ni=1, pi ∈ R

d, the goal is to find apoint p ∈ S most similar to the query point q under somedistance metric. In addition to the exact NN, many variants ofthis problem exist, including k-nearest neighbor, approximatenearest neighbor, fixed-radius near neighbors, and more. TheNN and its variants are utilized in a wide range of applications,such as spatial search, object recognition, image matching,image segmentation, classification and detection, to name afew [25]–[29].

When the dimensionality of the points is small, many solu-tions were proven to be very effective. These include mainlyspace partitioning techniques [30]–[32]. However, when thenumber of the data points is large (in the order of tens of

thousands or higher) and the dimensionality is high (in theorder of tens or hundreds), the exact solutions break down andproduce exponential time complexity1 [33], [34]. This problemis widely known as the curse of dimensionality.

To overcome the curse of dimensionality, approximatednearest neighbor (ANN) solutions are commonly used. In par-ticular, a c-ANN is a solution where the distance of theretrieved point from q is at most c times the true dis-tance from the nearest point. For the ANN problem, prob-abilistic dimensionality reduction such as locality sensitivehashing (LSH) [33] was proven to be useful, with query timesub-linear in n but linear in d. For very-high dimensional spacethis may still pose a problem [35]. Note also that the solutionprovided by LSH is correct only with high probability.

To our knowledge, we are the first to present a database-independent encoding scheme for short ranges on TCAM withno row expansion. In a nutshell, RENÉ divides all rangesof some length hmax into hmax layers of disjoint ranges.Using the binary-reflected Gray code (BRGC) [36], whichwas shown to be more expressive for ranges than binaryrepresentation [15], it focuses on a specific area where theencoded range is. Using additional bits, it exactly points tothe encoded range inside the area in focus, where a singleadditional bit represents the location of the range inside thelayer it belongs to. A toy example is shown in Figure 2.

Using a general conjunction operator we present next,we are able to encode all ranges with length up to hmax. Thetotal length of RENÉ’s code for a w-bits field, when encodingranges of up to length hmax, is w− log2(hmax) + hmax − 1.This means that RENÉ is feasible on contemporary TCAMsfor ranges up to length of 512, depending on the availablespace on TCAM and number of range fields. We also presenta theoretical analysis and show that at least max(hmax−1, w)bits are required to encode short ranges of up to length hmax

in a w-bits field. RENÉ is closer to this lower bound than anypreviously-suggested technique.

1Exact brute-force search works in time that is linear to n and d, but is veryslow for high n and d. Space partitioning techniques are exponential in d.

BREMLER-BARR et al.: ENCODING SHORT RANGES IN TCAM WITHOUT EXPANSION 837

We show several applications for RENÉ in the area ofpacket classification, along with an implementation of such anapplication on a powerful OpenFlow switch. We also show byexperiments that the penalty in latency for translating valuesusing RENÉ is negligible.

We evaluate and experiment our nearest-neighbor algo-rithms on a real TCAM device and achieve search ratesup to four orders of magnitude higher than previous bestprior-art solutions [7], [33], [37].

II. BACKGROUND

A. Ternary Content Addressable Memory (TCAM)

Contemporary TCAM devices operate at very high rates,between hundreds of millions to more than one billionqueries per second [38], [39]. These devices have about 20-40megabits of memory that can be configured to accommodateentries of up to about 640-bits wide (the wider the entry,the fewer entries can be stored on the chip).

The downsides of TCAM are that it is power hungry,tends to generate high heat (thus requiring extra cooling),and relatively expensive, compared to a standard DRAM chip.A high-density TCAM consumes 12 to 15 W per chip whenthe entire memory is used [2]. However, compared to com-pute units and coprocessors such as CPU or GPU, TCAMs’power requirement, heating and price are actually lower, andbecome similar only when connecting multiple TCAMs inparallel, as usually done in high end networking equipment.For example, Intel’s E7-4870 CPU consumes 130 W [40],and Nvidia’s Tesla K80 GPU consumes up to 300 W [41].Another downside could be that currently, a TCAM cannot beeasily deployed on a standard PC, as they are manufacturedfor networking equipment.

However, due to their impressive adoption for network-ing devices, TCAMs are becoming larger, faster, less powerhungry and less expensive. We speculate that this trend willcontinue. Inspired by the adoption of Graphics ProcessingUnits (GPUs) for general purpose parallel computing in recentyears, in Section V we also suggest that TCAMs may be usefulfor other tasks outside the networking field.

B. Range Encoding on TCAM

The problem of range encoding on TCAM has receivedconsiderable attention in the context of packet classification.

The traditional technique for range representation [12] isprefix expansion, where a range is represented by a set ofprefixes, each of which can be stored by a single TCAMentry. The worst-case expansion ratio when using prefix expan-sion for a w-bit field is 2w − 2 and for an entry with dranges it is (2w − 2)d. Lakshminarayanan et al. [14], andBremler-Barr and Hendler [15] suggest encoding schemesother than binary: In [14], Lakshminarayanan et al. proposeDIRPE, a hierarchical version of fence encoding. Bremler-Barr and Hendler [15] propose SRGE - an encoding based onbinary reflected Gray code [36]. However, these works do notreduce the range expansion to one, or, in the case of [14],it requires an infeasible exponential memory size to do that.SRGE [15] points out that more ranges can be expressed byusing Gray code than when using binary representation, but

it only reduces the worst case of row expansion to 2w − 4.DIRPE [14] suggests a tradeoff between row expansion andthe number of bits required to code the range. For encodingwithout expansion, it demands the unfeasible number of 2w−1bits.

The database-dependent range encoding techniques designthe encoding to efficiently encode the ranges that specificallyappear in the database. These techniques [16]–[20] use extrabits, in addition to the w bits of the range field. The basicidea [18] is to use the extra bits as a bit map: a single extrabit is assigned to each selected range in order to avoid theneed to represent it by prefix expansion.

Several works [16]–[20] deal with the scalability problemof this basic technique, which requires one bit per range.However, all these solutions still require either very long rows,proportionally to the number of encoded ranges, or they tradethat for row expansion. Moreover, some of these solutionsdemand extra logic or extra memory that makes them uselessin our case, where the number of ranges is high.

In [42] and [43] it was suggested to use negation rules onTCAM instead of row expansion, when applicable, such thatrules may specify the opposite of a range and a correspondingopposite action (e.g. ‘deny’ instead of ‘accept’ in ACL).This reduces worst-case expansion factor to w but does noteliminate it, and is only applicable in certain scenarios.

In [44] and [45] it was suggested to use the independenceof order between entries [44], or the independence betweeningress and egress linecards [45], in order to reduce thenumber of bits used to represent multi-field forwarding tables.Specifically, this reduces the width of TCAM entries andcompacts longer ranges to shorter ranges. It is possible touse our proposed encoding scheme can be used on top ofthe result tables provided by these works. In such a case, thiswill allow our scheme to represent longer ranges efficiently.However, our scheme is database independent and using suchtechniques will force it to be database-dependent.

Other works [21]–[24], [46], [47] improve the overallTCAM memory requirements for classification rules, or splitthe rules into multiple TCAM chips [48], [49]. However, theseworks do not focus specifically on range encoding, and can beused on top of most of the range encoding techniques includingthe one proposed in this paper.

Other works use TCAM for similarity search in databases.Shinde et al. [7] encode probabilistic hash functions on TCAMto implement locality-sensitive hashing [33]. Afek et al. [50]use TCAM to implement priority queues with a constant timelookup operation and as a by-product, to provide a TCAM-based sorting algorithm with O(n) time.

The limitation of all the methods has inspired a suggestionto change the TCAM hardware [13], to implement rangematching directly in hardware. However this solution changesTCAM architecture dramatically, and it does not seem feasiblein the near future, since TCAM is a popular memory chipthat exists in tens of millions of routers and switches today.Moreover, the solution harms the flexibility of TCAM imple-mentation, where every entry is simply encoded as a string ofternary bits, regardless of the fields type and borders.

Gray code [36] was originally designed for error correctionpurposes in communication networks. However, as shown


in [15], the reflectivity of this encoding can be used in TCAMs,along with the ternary representation provided by this device,to represent intervals. As ternary gray code cannot be usedto represent all possible intervals, it was suggested in [20] todivide intervals into layers, and use binary encoding of thoselayers to represent all intervals. In this work we rely on bothideas.

C. Nearest-Neighbor Search

The nearest neighbor search problem is formally definedby the following definition for points in a discrete space ofdimension d:

Definition 1: Given a set of data points S = {pi}ni=1,pi ∈ Z

d and a query point q ∈ Zd, THE NEAREST-NEIGHBOR

PROBLEM is to find the point s∗ = arg mins∈S D(s, q), whereD(s, q) is a distance between s and q.

As discussed above, in order to overcome the curse ofdimensionality, the accuracy of the solution is sometimescompromised. The c–APPROXIMATE NEAREST-NEIGHBOR

PROBLEM (c-ANN) searches for a point p ∈ S such thatD(p, q) < c ·D(s∗, q), where s∗ is the nearest point to q.

One important generalization of the nearest neighbor prob-lem that can be solved with minor adaptations of our frame-work is the THE k–NEAREST-NEIGHBOR PROBLEM, whichfinds a set S′ ⊆ S of k points such that for each p′ ∈ S′ andp ∈ S \ S′, D(p′, q) ≤ D(p, q). We show these adaptations inSection V-B.

A simpler problem that we will use as a building block inour algorithms only searches for a neighbor close enough tothe query point, or discovers that there is no such neighbor atall:

Definition 2: Given a set of points S = {pi}ni=1, pi ∈ Zd,

and a query point q ∈ Zd, let d∗ = mins∈S D(s, q). The

r–NEAR-NEIGHBOR REPORT PROBLEM is to find the points′ ∈ S such that D(s′, q) ≤ r if d∗ ≤ r, and to return false ifd∗ > r.

Note that under �∞, a solution for the r–NEAR-NEIGHBOR

REPORT PROBLEM is a data point within the d-dimensionalcube of edge length 2r that is centered in the query point.Thus, our framework for solving c-ANN can be viewed assolving (either in parallel or sequentially) a series of r–NEAR-NEIGHBOR REPORT PROBLEM instances for increasing valuesof r. As pointed out in [51], this solves the c-APPROXIMATE

NEAREST NEIGHBOR PROBLEM, where the approximationratio is determined by the maximum ratio between consecutivevalues of r.

One method for solving the NEAR NEIGHBOR REPORT

PROBLEM is bucketing [51]. The idea behind it is to dividethe d-dimensional space into a grid of d-dimensional cells.Given a point q located in some cell, we look for its nearestneighbor, p, in the cell. Then, we search for other points p′

in adjacent cells such that D(p′, q) < D(p, q). If such a pointp′ exists, we update p to be p′. We then continue looking forsuch points in adjacent cells until the distance of the cell’sboundary from q is larger than D(p, q). Other, more advancedspace-partitioning techniques to solve the NEAR NEIGHBOR

REPORT PROBLEM are kd-Trees [52] and Random ProjectionTrees [53]. However, all these methods are only useful if the

dimension of the search space (d) is low (e.g., around 10or 20) [33]. An experimental study [34] has in fact shownthat such approaches scale poorly with the number of dimen-sions d, and even when d > 10, they may perform worse thana brute-force scan.

Locality sensitive hashing (LSH) [51] is another tech-nique for solving instances of the NEAR NEIGHBOR REPORT

PROBLEM; its goal is to be more useful in higher dimensions.The idea of this technique is to find a family of hash functionsthat map neighboring points to the same hash bucket withhigh probability, so that if two points are in the same bucket,they are likely to be close-enough neighbors. One could createdifferent LSH solvers for different NEAR NEIGHBOR REPORT

PROBLEM instances and thus provide an approximated solu-tion for the nearest-neighbor problem. The size of the hashfunction family depends on the size of the data set, ratherthan on the space dimension. LSH was further investigatedand later works provided better approximation and runningtimes [33], [54]. Building on the LSH idea, Lv et al. [55]proposed reducing the number of hash functions by multipleprobing of hash buckets that are likely to contain queryresults. Another LSH-based approach is locality sensitive B-trees (LSB-Trees) [56], which improves the running time andquality of results. In Section V-E we show, however, thatfor high-quality results, the computation time of LSH canbe relatively long, and incomparable to the computation timerequired by our solution.

A different approach to tackle the curse of dimensionalityis to use parallel hardware. For example, graphics processingunits (GPUs), which are currently fully programmable usingCUDA and OpenCL, have hundreds of computing cores,and can help reduce the effect of higher dimensions. Twofast nearest neighbor search implementations were presentedin [37], [57], and [58]. These implementations, both written inCUDA, basically perform a multithreaded brute-force scan ofthe data set using a GPU. A GPU was also used to implementa parallel version of the LSH algorithm [59]. While theseapproaches leverage the parallelism of GPUs and providemuch faster solutions than previous approaches, we show inSection V-E how TCAM can provide an even more time-efficient solution to the nearest-neighbor problem.

To the best of our knowledge, using TCAM for near-est neighbor search has been considered only once, byShinde et al. [7] who proposed the TLSH scheme, where aTCAM device is utilized to implement LSH with a series ofTCAM lookup cycles. In this scheme, each database point ismapped to a ternary code, where each ternary digit is generatedusing a random projection and dividing the projected line intom bins whose assignments alternate between ternary digits[0, ∗, 1, ∗, 0, ∗, 1, · · · ]. As the ‘*’ digit can match both ‘0’ and‘1’, this assignment blurs the boundaries between the 0 and1 bins such that the ternary hashed representation of nearbypoints matches with high probability. Our algorithms, however,are deterministic and take a completely different approach,as we will highlight in the rest of the paper.

III. ENCODING SCHEME FOR SHORT RANGES

Our goal is to encode a range up to a certain length hmax

using a single TCAM entry of as few bits as possible. Such


Fig. 3. Encoding trees for Binary Reflected Gray Codes of length 1, 2, and 3 bits.

code will allow encoding classification rules with multipleranges without row expansion at all.

A. Basic Definitions

We begin with some basic definitions that will be usedthroughout the rest of this section. First, we define a ternarybit-wise comparison:

Definition 3: Let a = a0, . . . , am and b = b0, . . . , bm betwo ternary words (ai, bi ∈ {0, 1,*}). a matches b, denoteda ≈ b, if and only if for every i ∈ {0, . . . , m}, either ai =bi, or ai is *, or bi is *.

RENÉ encodes ranges in discrete spaces. We begin bydefining an encoding function tcode for values and ranges.Let U = [0, 2w) ⊂ N0 be a range on the natural line. RENÉ’sencoding function tcode encodes either a value v ∈ U , or arange R ⊆ U . It is important to note that RENÉ treats U asa cyclic ‘wrap-around’ space and thus throughout this paper,any range [x, y) refers in fact to [x, y mod 2w).

The result of the encoding function is either a binary word(for exact values) or a ternary word (for ranges), and we expectthat a ternary match tcode(v) ≈ tcode(R) will imply thatthe value v is inside the range R. This is formally defined asfollows:

Definition 4: An encoding function tcode is admissibleif for every value v ∈ U and every range R ⊆ U , tcode(v) ≈tcode(R) if and only if v ∈ R. Furthermore, for any pointv ∈ U , tcode(v) does not contain ‘*’ symbols.

B. Binary-Reflected Gray Code for TCAM

The binary-reflected Gray code (BRGC) [36] is a binaryencoding of integers in a contiguous range such that the codesof any two consecutive numbers differ by a single bit. A b-bitsBRGC is constructed recursively by reflecting a (b − 1)-bitsBRGC.2

Definition 5: The BRGC encoding functionBRGC(v, 2w) encodes a point p (where 0 � p < 2w)with w bits. It is defined recursively as follows:

BRGC (0, 1)= ε

BRGC (p, 2w) ={

0 · BRGC (p, 2w/2) if p < 2w/2

1 · BRGC (2w−p−1, 2w/2) otherwise

where ε is the empty word and ‘·’ denotes concatenation.

2The BRGC of a value x can be directly calculated using the followingformula: x ⊕ (x � 1), where ⊕ and � are the bitwise operations of XORand Right Shift, respectively.

For example, BRGC(4, 8) = 1 · BRGC(3, 4) =11 · BRGC(0, 2) = 110 · BRGC(0, 1) = 110. An examplefor values in [0, 16) is shown in Figure 2.

Figure 3 shows the recursive process of constructing BRGCfor n = log w = 3 bits. We begin with n = 1, where 0 isencoded as 0 and 1 is encoded as 1. To construct the code forn = 2, the code is duplicated and reflected, and an additionalleading 0-bit (1-bit) is added to the first (second) part. Theresult is can be viewed as a tree with two levels, wherethe encoding of a number (a leaf) is the sequence of binarydigits (transitions) that lead to it. This process can continuerecursively for any number of bits. The BRGC codeword canalso be computed directly using a simple formula

By wildcarding some of the bits of a BRGC codewordwe can create a ternary range representation. For example,as can be seen in Figure 2, the ternary word *1** matchesall values in the range [4, 11]. In fact, when looking at thistree representation of the BRGC encoding, we observe that allranges that exactly contain a full sub-tree, or two adjacent fullsub-trees, can be represented using a single ternary BRGCcodeword (namely, a BRGC codeword where some of the0-1 bits were replaced by ‘*’ symbols).

Before formulating and proving this observation we definethe following terms that will be used in the proof:

• k-prefix is a ternary word in which the k least significantbits are ‘*’ and the rest are either 0 or 1.

• k-semi-prefix is a ternary word in which the k leastsignificant bits are ‘*’, one additional bit is also ‘*’, andthe rest are either 0 or 1.

We now formulate and prove the following theorem:Theorem 1: If all values are BRGC-encoded, then a single

ternary BRGC codeword suffices to admissibly encode a rangeR = [x, y mod 2w) if and only if there exist non-negativeintegers i, k, for which x = i · 2k and y = (i + 2) · 2k.Specifically, one of the following cases holds:

1) If i is even, the (k + 1) least significant bits of thecodeword are *, and the rest are either 0 or 1. Thus,the ternary codeword is (k + 1)-prefix.

2) If i is odd, the k least significant bits of the codewordare *, one additional bit is *, and the rest are either0 or 1. Thus, the ternary codeword is k-semi-prefix.

Proof: The proof follows by induction on k: For k = 0,ranges are [i, i + 2). These ranges are simply two adjacentleaves in the BRGC tree representation, and, by definition ofGray code, they differ in a single bit only.


Fig. 4. BRGC encoding tree for points in range [0, 16), and ternary representations of intervals of lengths 4, 8 that can be represented using this encoding.

If i is even, then there is an even number of leaves beforethese two, and thus these two leaves are siblings and havea common direct ancestor x with height k + 1 = 1. Thus,the (k + 1)-prefix that is the concatenation of the log(w)− 1bits that represent the path to x with one *, represents therange [i, i + 2) (case 1 in Theorem 1).

If i is odd, then the two leaves do not have a common directancestor. However, they do have some common ancestor upin the higher levels of the tree, let it be at height h. Thus,their representation differ in the hth bit. Since the codewordsof i and i + 1 differ only in one bit, there are no additionalbits where they differ. Therefore, the k-semi-prefix in whichthe hth bit is * and the rest of the bits are as in i and i + 1BRGC codewords, represents the range [i, i + 2) (case 2 inTheorem 1).

We assume that the lemma is correct for some k, and showthat it is correct also for k+1: Let R = [i ·2k+1, (i+2) ·2k+1)be a range of length 2k+2, for some positive integer i. Letj1 = 2i, j2 = 2i+2, and let R1 = [j1 ·2k, (j1 +2) ·2k), R2 =[j2 · 2k, (j2 + 2) · 2k) be two ranges of length 2k+1. Then,R = R1 ∪ R2, and since j1 and j2 are even, R1, R2 can berepresented using (k + 1)-prefixes (case 1 in Theorem 1).

If i is even, then in the tree representation of the BRGCencoding there exists an even number of subtrees of heightk + 1 before the subtree that represents R1. Thus, the rootsof the subtrees that represent R1, R2 are siblings, and thefirst w − k − 2 bits of their ternary BRGC codewords areequal. Wildcarding the k + 2 least significant bit wouldyield a (k + 2)-prefix that represents their union and thusrepresents R.

If i is odd, then the roots of the subtrees that representR1, R2 are not siblings, but they do have some common ances-tor. We denote the right bound of R1 as x = (2i + 2) · 2k − 1and the left bound of R2 as y = (2i+2) ·2k. x and y are twoconsecutive integers and thus their BRGC representation differin one bit only. If we assume towards a contradiction that thedifference is in one of the k + 1 least significant bits, thenboth BRGC codewords of these points share the same prefixof length that is greater than w− k− 1, so the two values canbe represented using the same subtree of height k + 1, whichis impossible as R1 = R2. Thus, the difference between thetwo codewords is in one of the w−k−1 most significant bits,and the (k + 1)-semi-prefix that has ‘*’s in this bit and in thek +1 least significant bits, represents the union of R1 and R2

which is R.

Fig. 5. Encoding structure for a value or range of length h.

Figure 4 illustrates the BRGC encoding tree for all pointsin the range [0, 15], and the ternary encoding for all intervalsof lengths 4, 8 that satisfy the condition above.

Theorem 1 implies that when encoding ranges of length h,the log2(h) − 1 least significant bits are always ‘*’ thus onecan save TCAM space by omitting these uninformative bits.

C. An Encoding Function for Ranges

We call those ranges that can be encoded using a singleternary BRGC codeword trivial ranges, and all other rangesnontrivial ranges. In this section, we extend the BRGC encod-ing scheme so that it can encode in a single ternary wordnontrivial ranges as well. We append extra bits to the end ofBRGC codewords, as depicted in Figure 5: w − log2(h) + 1bits are used for the binary BRGC encoding of a value v ∈ U ,or for the ternary BRGC encoding of some trivial range R.To encode nontrivial ranges of length h = 2k (k ∈ N0), at mosth− 2 bits are added as extra bits.

The key idea of RENÉ is to divide all ranges of some lengthh = 2k (k ∈ N0) into h layers, such that a layer Li

h is the set ofall ranges [x, x+h) for which x mod h = i. Note that two ofthese layers contain only trivial ranges (L0

h and L2k−1

h ). We areleft with h−2 layers that contain nontrivial ranges. We assignan extra bit for each layer of nontrivial ranges. The value ofthis bit alternates between adjacent ranges in the same layer,such that for any pair of consecutive ranges in the same layer,the value of the bit corresponding to this layer is different.Hence, for a value v ∈ U , tcode(v) is the 1 + w − log2(h)most significant bits of BRGC(v), concatenated with h − 2extra bits. The value of the ith extra bit corresponds to layerLi

h and is set to⌊

v−ih

⌋mod 2.

For nontrivial ranges we define their cover range as follows:Definition 6: For any nontrivial range of length h = 2k

(k ∈ N0), R = [x, x + h), let the cover range of R, denotedby cover(R), be the range [x/h� ·h, (x/h�+ 2) · h).

We first notice the following property of cover ranges:Lemma 1: For any range R = [x, x + h) of length h = 2k

(k ∈ N0), cover(R) fully contains R.


Fig. 6. Encoding for all sub-ranges of length 4 and values in range [0, 16). Left bits are the ternary BRGC encoding. Right bits are the extra bits fornontrivial layers. The bits in gray can be removed as explained in Section III-B.

Proof: Assume by contradiction that R starts beforecover(R) starts or ends after cover(R) ends. If R startsbefore cover(R), x < x/h� ·h. So x/h < x/h�, which isof course impossible. Also, if R ends before cover(R) ends,x + h > (x/h�+ 2) · h. This implies that x/h > x/h�+ 1which is also impossible, and thus a contradiction.

Note that the existence of the cover range is a uniqueproperty of the binary-reflected Gray code. The cover rangecover(R) helps us distinguish R from other ranges in thesame layer. For range R = [x, x + h) ∈ Li

h of length h = 2k

(k ∈ N0), tcode(I) starts with the 1 + w − log2(h) mostsignificant bits of the ternary BRGC representation of R, if Ris trivial, or of cover(R), if R is nontrivial. Then, h−2 extrabits are concatenated one after the other where the ith bit iseither * if I /∈ Li

h or⌊

x−ih

⌋mod 2 otherwise (namely, all the

extra bits except one are *).Our main result is that RENÉ’s encoding function, tcode ,

is an admissible encoding function for ranges of any lengthh = 2k (k ∈ N0). The total length of the admissible encodingproduced by tcode for a single value or range is hence w−log(h) + h− 1.

Before proving this result (Theorem 2), we introduce thefollowing two technical lemmas:

Lemma 2: If a range R is nontrivial, then no other rangefrom the same layer is fully contained in cover(R).

Proof: Assume R = [x, x + h), where h = 2k, and thatthere exists another range from the same layer, R′, that isalso fully contained in cover(R). By the definition of thelayers, R and R′ are both of length h and are not overlapping.By Definition 6, cover(R) is of length 2k+1, implying thatthe union of R and R′ is equal to cover(R), but since bothranges are fully contained in the cover, the union is exactlythe cover. This, in turn, implies that x mod h = x/h�.Choosing i = 2 x/h� yields that R = [i · 2k, (i + 2) · 2k)and thus, by Theorem 1, R is a trivial range, in contrast to theassumption.

Based on this property of cover ranges, we can completelydistinguish between ranges in the same layer using the extrabits we added to the ternary BRGC encoding:

Lemma 3: Let R = [x, x + h), where h = 2k, be a rangein Li

h. For every value v in cover(R), if v ∈ R, v has thesame bit value as R, and if v /∈ R, then v has the opposite bitvalue.

Proof: Assume that a value v ∈ R, has a bit value that isdifferent than the bit value of R. v is in R so v− x � h, andthus

⌊v−ih

⌋=

⌊x−ih

⌋, meaning that the bit value of v must be

equal to the bit value of R.

To prove the other direction, assume that a value v /∈ Rhas the same bit value as R. Let Rbefore = [x− h, x) be therange that precedes R in Li

h and Rafter = [x + h, x + 2h) bethe range that succeeds R in Li

h. The bit value of Rbefore andRafter must be different than the bit value of R as they areboth adjacent to R. Since v ∈ cover(R) but not in R, andsince the length of cover(R) is at most 2h, v must be eitherin Rbefore or in Rafter, and thus it must have the oppositebit value than R.

We now turn to the main theorem.Theorem 2: The function tcode is an admissible encoding

function for ranges of length h = 2k.Proof: Assume that there exist a value v and a range R

for which v ∈ R but tcode(v) ≈ tcode(R). v is in R sothe ternary BRGC of R (in case R is trivial) or of cover(R)(in case R is nontrivial) must match the BRGC encoding ofv ternary-wise. Thus, some extra bit does not match. Sincefor trivial ranges all extra bits are *, R must be nontrivial.For nontrivial ranges, only one extra bit in tcode(R) is nota ‘*’. However, this bit must be equal to the correspondingbit in tcode(v) by Lemma 3, which is a contradiction to theassumption that tcode(v) ≈ tcode(R).

To prove the opposite direction, assume that there exist avalue v and a range R for which tcode(v) ≈ tcode(R)but v /∈ R. The BRGC encoding of v must match the ternaryBRGC encoding of R (in case R is trivial) or cover(R)(if R is nontrivial). If R is trivial and there is a match thenv ∈ R, as all extra bits in tcode(R) are ‘*’. Thus, R mustbe nontrivial, and v must be inside cover(R). However byLemma 3, if v ∈ cover(R) and has the same bit value as Rfor the layer R belongs to, then v must be in R.

Figure 6 shows the encoding of all sub-ranges of length 4in range [0, 16). Note that the first and third layers do notrequire extra bits, so these are both set to * in their encoding.In other layers, the corresponding extra bit alternates betweenranges in the same layer. For example, the range [1, 4], whichcannot be encoded solely using a ternary BRGC codeword,is encoded as 0***1*, where the fifth bit is the extra bit thatcorresponds to the second layer. Only points in [1, 4] matchthis encoding.

D. Encoding Multiple Range LengthsGiven RENÉ’s encoding function for ranges of some max-

imal length hmax we can encode, without using more bits,all ranges whose lengths are smaller than hmax as well.We define a logical conjunction operation, denoted by �,to encode the intersection of two ranges. The truth table


TABLE I

THE TRUTH TABLE OF A TERNARY LOGICAL CONJUNCTION,DENOTED BY THE � OPERATOR

of such a conjunction is given in Table I. ⊥ means anundefined output, and we later make sure to never get suchan output when using this operation. For two ternary words,a = a0, . . . , am and b = b0, . . . , bm, the conjunction c = a�bis the ternary word where ci = ai � bi. If at least one ofthe symbols ci is ⊥, then c is also marked as ⊥ and is notdefined. Note that the conjunction operation is independent ofthe specific encoding function.

The essence of the conjunction operation is captured in thefollowing two lemmas:

Lemma 4: For any value v ∈ U and any two rangesR1, R2 ⊆ U , if tcode is an admissible encoding functionfor R1 and R2, then tcode(v) ≈ tcode(R1)�tcode(R2)if and only if v ∈ R1 ∩R2.

Proof: Assume tcode(v) ≈ tcode(R1) � tcode(R2)and v /∈ R1 ∩R2. Without loss of generality, assume v /∈ R1.Since v /∈ R1 and tcode is an admissible encoding function,there exists some i for which tcode(v)i = *, tcode(R1)i =*, and tcode(v)i = tcode(R1)i. Without loss of gen-erality, let tcode(v)i = 0, so tcode(R1)i = 1 andtherefore tcode(R1)i � tcode(R2)i is either 1 or ⊥. Thus,by definition, tcode(v)i ≈ tcode(R1)i � tcode(R2)i

implying tcode(v) ≈ tcode(R1) � tcode(R2), which isa contradiction.

To prove the other direction, assume that v ∈ R1 ∩ R2.Since v ∈ R1 and v ∈ R2 and tcode is admissible,tcode(v)i ≈ tcode(R1)i and tcode(v)i ≈ tcode(R2)i,for any i. The admissibility of tcode also implies thattcode(v)i is either 0 or 1. Assume without loss of generalitythat for some i it is 0. Then, tcode(R1)i and tcode(R2)i

are either 0 or *. Hence, tcode(R1)i � tcode(R2)i iseither 0 or *, and therefore, tcode(v)i ≈ tcode(R1)i �tcode(R2)i. Since this is true for any i, it implies thattcode(v) ≈ tcode(R1) � tcode(R2), and the claimfollows.

Lemma 5: If tcode is an admissible encoding functionfor R1 and R2, and the result of tcode(R1) � tcode(R2)is ⊥ then R1 ∩R2 = ∅.

Proof: Assume tcode(R1) � tcode(R2) = ⊥ and tothe contrary, that R1 ∩ R2 = ∅. Then, there exists some ifor which, without loss of generality, tcode(R1)i = 0 andtcode(R2)i = 1, and some value v ∈ R1 ∩ R2. From theadmissibility of tcode , if v ∈ R1, then tcode(v) = 0,and thus v /∈ R2, and if v ∈ R2, then tcode(v) = 1, andthus v /∈ R1, which is a contradiction.

Note that the other direction of Lemma 5 is not necessarilytrue: the conjunction of codes of two disjoint ranges may notbe ⊥.

We assume that there is a value hmax = 2kmax , which isthe maximum length we should consider. Note that any range

Algorithm 1 Encoding Function for a Value v

1: function tcode (v, hmax)2: � v - value, hmax - maximal range length3: word← BRGC(p)� (log2(hmax)− 1) � Bitwise

shift4: for i← 0 to (hmax − 1) do5: if layer is skipped then6: continue � Optional - encode less layers7: end if8: if layer is nontrivial (i = 0 and i = hmax

2 ) then

9: b←⌊

v−ihmax

⌋mod 2

10: word← (word� 1)|b � Bitwise OR11: end if12: end for13: return word14: end function

[x, x + h) of length h < hmax (h is not necessarily a powerof 2 anymore) can be written as the intersection of two rangesof length hmax as follows:

[x, x + h) = [x + h− hmax, x + h) ∩ [x, x + hmax).

Using the conjunction operator and Lemma 4 we can constructthe code for ranges of any length h � hmax , with hmax − 2extra-bits:

tcode([x, x + h))= tcode([x + h− hmax, x + h)) � tcode([x, x + hmax)).

We also know from Lemma 5 that tcode([x, x + h)) is not⊥ as the intersection is never empty.

The encoding function tcode(v) for some value v whenusing any range lengths up to hmax is shown in Algorithm 1.When encoding a range R of length h � hmax that is centeredat some point v, Algorithm 2 is used to obtain tcode(R).

The length of the resulting encoding of a value v ∈ U or arange R ⊆ U is therefore w − log2(hmax) + hmax − 1.

E. Running Time Analysis

Computing tcode for either a value or a range is simple:results only depend on the value or range themselves, andthe maximal range length hmax. The running time of bothfunctions, for a value and a range, is linear with hmax, anddoes not depend in the number of encoded ranges: O(hmax)when encoding a value and O(hmax + h) when encoding arange of length h � hmax.

F. Lower Bound on the Number of Bits per Range

As previously recalled, Lakshminarayanan et al. [14] intro-duced the worst-case necessary condition of 2w − 1 bits toencode a w-bit range. We use this observation to introduce alower bound for the number of bits required to encode ranges,when their lengths are limited by some upper bound hmax:

Theorem 3: In order to represent any ranges up to lengthhmax without row expansion, in a field of width w bits, at leastmax(hmax − 1, w) bits are necessary.


Algorithm 2 Encoding Function for a Range [s, t]1: function tcode ([s, t], hmax)2: � [s, t] - range, hmax - maximal range length3: if t− s + 1 = hmax then4: � Encode range as an intersection5: R1 = [s, s + hmax − 1]6: R2 = [t− hmax + 1, t]7: Γ← {R1, R2}8: else � Encode range directly9: Γ← {[s, t]}

10: end if11: result← 012: count← 013: for [x, y] ∈ Γ do14: mask ← 015: for i← x + 1 to y do16: mask ← mask|(BRGC(i− 1)⊕BRGC(i))17: � bitwise OR and XOR18: end for19: word← BRGC(x)� (log2(hmax)− 1)20: mask ← mask� (log2(hmax)− 1)21: for i← 0 to (hmax − 1) do22: if layer is skipped then23: continue � Optional - encode less layers24: end if25: if layer is nontrivial (i = 0 and i = hmax

2 ) then26: if x mod hmax = i then � Irrelevant layer27: mask ← (mask� 1)|1 � Put a ‘*’28: word← word� 129: else � [x, y] is in this layer30: mask ← mask� 131: b←

⌊x−i

hmax

⌋mod 2

32: word← (word� 1)|b33: end if34: end if35: end for36: if count > 0 then37: result← result � (word, mask)38: else39: result← (word, mask)40: end if41: count← count + 142: end for43: return result44: end function

Proof: The maximal range length hmax is given as somefixed value. We show that the theorem is correct for any w �log2(hmax), as a field with less bits than that cannot haveranges of length hmax. For w = log2(hmax), the range fieldstarts at 0 and ends at hmax−1 and is of size of exactly hmax.According to the condition in [14, Th. 1], to encode all rangesin this field, the worst-case length of the ternary representationis at least 2w − 1 = hmax − 1 bits.

The proof of [14, Th. 1] stems from the fact that for arange of size 2w there are 2w−1 contained sub-ranges that are

also contained in each other (and thus are overlapping), and asingle bit per range is necessary to distinguish between them.When using a range field with more bits (i.e. larger w), we donot reduce the number of possibly overlapping range. Thus,the number of required bits cannot be lower than hmax − 1(note that this lower bound is not necessarily tight).

In any case, and specifically when w > hmax − 1, atleast w bits are necessary to represent singular values (rangesof length 1).

IV. RENÉ FOR PACKET CLASSIFICATION

Range encoding on TCAM has been used for packet clas-sification for long time. Row expansion significantly limitedits usage when multiple header fields are ranges, leadingvendors and administrators to avoid such situations as muchas possible. However, next generation SDN applications, suchas load balancers, security tools, and quality of service, relyon sophisticated packet classification that is performed on thedatapath itself (i.e. the switch) [9]–[11], [60]. Most of thesesolutions require range based matching on multiple headerfields. We summarize several examples for such fields andmetadata information that can benefit when using RENÉ:

• TCP/UDP Port Fields: In real-life datasets, short ranges(up to length 64) sometimes consist more than 60% of theunique ranges [15]. Thus, if a network administrator usesmainly short ranges for TCP/UDP port fields, or even foronly one of these fields, RENÉ may suit their needs.

• Network ToS (or DSCP): In both the deprecated ToSfield and the new DSCP field the precedence is setusing an increasing value, and to specify one or moreprecedence classes, either an exact value or a short rangeshould be used.

• Packet Size: Packet size (e.g. IP total length field) canbe a useful piece of information for packet classification.When classifying according to this property, a catego-rization can be done in order to reduce range lengths.As usually one does not classify packets according to aspecific length, but rather according to categories (small,medium, large, etc.), short ranges can be used to representmultiple categories. For example, a recent attack namedTsunami SYN Flood Attack can be identified based on thesize of packets (about 1000 bytes or more) [61].

• Timestamp and Counters: Recent works suggest addingpacket’s metadata such as hit counters and timestamps(or time deltas) to classification data path, for example inOpenFlow switches [60]. It is likely that classification onsuch fields would be based on ranges and not on exactvalues, and thus RENÉ may be used.

• IP Spoofing Detection: In order to protect against IPspoofing and attacks that use this technique (e.g., DDoS),it was suggested to inspect the IP TTL value and concludeabout possible spoofed packets [62], [63]. The detectionis based on the fact that the TTL value does not changedramatically over short time for the same host or subnet,and these values can be found using ping and othertools. Thus, if a packet with IP from a known subnetcomes with a TTL value that is too far from the expectedvalue, it is classified as spoofed and dropped.


Since the TTL value is not compared to an exact value,but rather to a short range, RENÉ can be used inorder to implement IP spoofing detection on classificationhardware with TCAM.

• AS Numbering: BGP routers and SDX [64] sometimesmake classification decisions based on autonomous sys-tems (ASes) numbers. Large ISPs and content providersusually hold multiple, consecutive AS numbers [65],which form one or more short ranges. For example,Comcast has multiple such short ranges 7015-7016,33489-33491, 33650-33668 (in addition to five morenon-consecutive AS numbers). Grouping AS numbersto ranges can reduce the total number of classificationrules, as long as no row expansion is induced. RENÉ fitsthis goal as the ranges are short and it induces no rowexpansion.

A. Evaluation and Experiments

1) Experiment on an OpenFlow Switch: We implementedRENÉ and a sample SDN application that uses it for packetclassification over the Ryu SDN controller [66]. We use aNoviFlow NoviKit 250 hardware switch that supports Open-Flow 1.3 [3] and has an internal TCAM. Our code is availableat https://github.com/yotamhc/rene.

Classification uses OpenFlow table pipeline in the followingway: First table, given a destination TCP port for a packet,writes its translation into RENÉ’s encoding to the metadatafield (using the OpenFlow’s Write-Metadata instruction). Thistable is precomputed on the controller and contains up to 64Kentries - an entry for each port number. Then, second tablematches the packet according to the metadata only (originalport information is not necessary at this stage), and forwardsit accordingly.

On the same switch, when a packet is classified based ononly its TCP port, without table pipeline, the total round-trip time to and from the switch, using a 1Gbps copperlink, is 157μs. Using our table pipeline, such round-trip takes161μs. Thus, latency increases by only 2.5%, which is anegligible factor.

2) Quantitative Evaluation: To evaluate the quality ofRENÉ’s encoding function tcode we compare it with bestprior-art encoding techniques that can provide no row expan-sion: DIRPE [14], a database-independent encoding schemeand LIC [20], a database-dependent encoding scheme. We donot compare RENÉ to SRGE [15], for example, as it requiresrow expansion. We evaluate the database dependent schemeLIC both in its worst case, where all ranges are to berepresented, and using a commercial classification dataset with257 range rules. Since our goal is no expansion of TCAMentries, we compare the amount of TCAM bits requiredfor a single range field, such that no expansion is inducedwhatsoever. Using the classification database, LIC performsworse than RENÉ on ranges up to length 32. When the datasetcontains much higher number of ranges, LIC always performsworse than RENÉ.

Figure 7 shows the bit requirement of each encoding tech-nique, given the maximal length of encoded ranges, assuminga 16-bits range field. In addition, it shows the lower bound

Fig. 7. Analysis of the number of TCAM bits required for a 16-bits rangefield when representing all ranges of up to a given length.

of max(hmax − 1, w) bits (see Theorem 3), as a black,dotted line. Evidently, RENÉ (blue, solid line) is much closerto the lower bound than all other techniques. Moreover,the bit requirements for database-dependent techniques suchas LIC [20] are higher by an order of magnitude, when allranges up to a certain length should be encoded. The database-independent technique DIRPE [14] always requires 2w−1 bitsas it does not use the additional information on the maximalrange length.

V. RENÉ FOR NEAREST NEIGHBOR SEARCH

TCAM is a powerful device with high parallelism thatcan also be used for tasks outside of the networking fields.Just as TCAM has broken the performance limits of packetclassification and IP lookup in networking, it can also beused to break such computational limits in problems fromother fields, serving as a coprocessor for the CPU, similarlyto a GPU or FPGA. RENÉ can be used to implement onsuch TCAM applications that use the nearest-neighbor prob-lem or its variants. We show several such variants in thissection, and by experiments and simulations we show thatRENÉ can improve their performance by orders of magni-tudes.

Multidimensional nearest neighbor search (NN) lies at thecore of many computer science applications. The formaldefinition of the problem in the space of integers is providedin Section II-C.

The NN problem and its variants are utilized in a widerange of applications, such as spatial search, object recogni-tion, image matching, image segmentation, classification anddetection, to name a few [26]–[28].

In this section we present super high-speed algorithms forthe NN problem using TCAM as a coprocessor, and ourencoding scheme RENÉ. The proposed algorithms solve theANN problem with �∞-normed distance using a single TCAMlookup and linear space.

The r–NEAR-NEIGHBOR REPORT PROBLEM is a simplerproblem that we will use as a building block in our algorithms.It only searches for a neighbor close enough to the querypoint, or discovers that there is no such neighbor at all. It isformally defined in Definition 2.

Using RENÉ’s encoding function tcode , a single ternarymatch can determine whether a given d-dimensional point is


Fig. 8. Illustration of the two alternative algorithms for Nearest Neighbor Search using TCAM. Left: Encoding nested cubes around each point in thedatabase. A query is a point in this encoding, and the result is the smallest cube encompassing the query point. Right: Encoding cubes around the query pointsand the data is encoded as points. A query is a sequence of nested cubes in increasing edge length. The result is the first data point that matches a cube.

Algorithm 3 Encoding Function for a d-Dimensional Point

1: function TCODE(p[], d, hmax)2: word← ε3: for i← 1 to d do4: word← word + tcode(p[i], hmax)5: end for6: return word7: end function

Algorithm 4 Encoding Function for a d-Dimensional Cube

1: function TCODE(p[], d, h, hmax)2: word← ε3: for i← 1 to d do4: word ← word + tcode([p[i] − h/2� , p[i] +h/2�], hmax)

5: end for6: return word7: end function

inside a given d-dimensional cube: To encode a d-dimensionalpoint, or a d-dimensional cube, each coordinate is encodedusing the tcode function, and the codewords of all dcoordinates are concatenated into a single ternary word.The encoding functions for a d-dimensional point and for ad-dimensional cube are shown in Algorithm 3 and inAlgorithm 4, respectively.

A. Approximate Nearest-Neighbor Search

Our APPROXIMATE NEAREST-NEIGHBOR SEARCH algorit-hms solve in fact multiple instances of the r-NEAR NEIGHBOR

REPORT PROBLEM for increasing values of r. In �∞, the valueof r defines a cube around each data point p such that for allquery points q inside that cube, p is a valid solution of ther-NEAR NEIGHBOR REPORT PROBLEM with q, and for allquery points outside that cube p is not a valid solution.

Our time-efficient method solves the APPROXIMATE

NEAREST-NEIGHBOR SEARCH in a single TCAM lookup.Given a set H of edge lengths, let hmax = maxhH. For eachpoint p ∈ S and h ∈ H we store a TCAM entry representing ad-dimensional cube centered at p, with edge length h. Entries

are sorted by the value of h: the smaller h is, the higher thepriority of the entry.

Given a query point q ∈ [0, w)d, we use tcode to builda d-dimensional point representation for maximal edge lengthof hmax, and use a single TCAM lookup to find the smallestcube that contains the point q. The TCAM returns the highestpriority entry that matches, which is the entry of the cube thatis centered at some point p, has the shortest edge length, andcontains q. An example is shown in Figure 8 (left). Note thatin general, p is not necessarily the exact nearest neighbor of q(as there may be more than one such cube with the same edgelength h). However, the distance (under �∞) of q from its exactnearest neighbor is strictly more than

⌊12 maxh′∈H{h′ < h}⌋.

As we will show later, by carefully choosing the edge lengthset, we can obtain a c = 1 + ε approximation factor, wherethe size of H is inversely proportional to ε.

In our memory-efficient method, the data points and querypoints switch roles: we store in the TCAM a single entry foreach data point. The order of the entries does not matter. Upona query q, we construct a sequence of |H| cubes centered inp with edge lengths in H. Then, we perform TCAM lookupswith cubes of increasing edge length values until a match isfound. As in the previous method, if a point was matched witha query of edge length h, then it is a solution of the h/2-NEAR

NEIGHBOR REPORT PROBLEM.1) Analysis of Approximation: LetH = {h1, h2, . . . , hmax}

such that hi < hj for each i < j. Matching a data pointp corresponding to a cube with edge length hi implies thatD(p, q) ≤ ⌊

hi

2

⌋(where D is defined under �∞). Since hi is

the first edge length to be matched, D(s∗, q) ≥⌊

hi−12

⌋+ 1

(s∗ is the exact nearest neighbor of q). This implies that under�∞, both methods solve the c-APPROXIMATE-NEAREST-NEIGHBOR PROBLEM for c = maxhi∈H

�hi/2��hi−1/2�+1 , where

hi is the ith smallest element in H and h1 = 1 ∈ H.3

In order to get the exact nearest neighbor in �∞, one canchoose H to be the set of odd numbers. Reducing the sizeof H reduces the number of required entries, but decreasesthe quality of the results. For example, to get a c-approximatesolution,H can consist of all even values up to 2/(c−1), alongwith the values of a geometric series starting at 2/(c−1), withthe parameter c.

3To get a bounded approximation ratio, 1 must be added to H.


When distances are defined under �p norms, for finite valuesof p ≥ 1, the approximation ratio is at most c· p

√d in �p, where

c is the approximation ratio in �∞.2) Database Update: Our algorithms allow efficient hot

updates in the lookup database (the set S). Deletion ofdata points is trivial (simply delete all corresponding entriesfrom the TCAM). When using the time-efficient method,efficient addition of new points is possible by keeping someempty TCAM entries between entries of different edge length,by adding entries for the corresponding cubes in these emptyslots. Also, one can track deletion for more empty slots.Nevertheless, this further increases space requirement.

When using the memory-efficient method, the situation issimpler: since the order of entries is not important, pointaddition or deletion requires a single TCAM entry update.

B. Exact Nearest-Neighbor Search in �p

Our algorithms achieve p√

d approximate solution under �p

norm. We suggest the following extension to find (exactly) thenearest neighbor under �p: For each data point s ∈ S and foreach edge length h ∈ H, we precompute the neighborhoodset N (s, h) = {s′ ∈ S | Dp(s, s′) ≤ h p

√d}, where Dp is

the distance between the two points under the p-norm. Theneighborhood sets are stored in memory. Precomputing thesesets is possible since datasets are relatively static and theneighborhood sets do not depend on the query points.

Since for every two points, the distance in �p is at mostp√

d the distance in �∞, we immediately conclude that if thealgorithms described in Section V-A return a data point s forquery point q with some distance h ∈ H, then the exact nearestneighbor in �p of q is in N (s, h).

While this method requires additional computations follow-ing the TCAM lookup, in most datasets the number of pointsin N (s, h) would be very small. In our experiments (seeSection V-E) N (s, h) contained only s itself for lower valuesof h in most cases and was small even for higher values ofh. Thus, the time required to find the exact nearest neighboris still much shorter than that required for brute-force over allpoints in the database.

The precomputed neighborhood sets can also be used to findk-nearest neighbors instead of only one. However, the numberof neighbors in these sets might be smaller than k, so oneTCAM lookup might not suffice. To find the set of k exactnearest neighbors, the lookup process should continue untilk or more neighbors are found, and also until no moreneighbors are found in cubes whose edge length is equal tothat of previous neighbors. This process is formally describedin Algorithm 5, assuming a multi-match technique such as theone presented in [14] is used.

C. Algorithms for the Partial Match Problem

The PARTIAL MATCH PROBLEM is defined as follows:Definition 7: Given a set of data points S = {pi}ni=1,

pi ∈ Zd, a query point q ∈ Z

d, and a subset of the dimensionsDq ⊆ {1, . . . , d} of size dq < d, THE PARTIAL MATCH

PROBLEM is to find the point s∗ = argmins′∈S D(s′, q)|Dq ,where D(a, b)|Dq is the distance between a and b under some

Algorithm 5 Exact k-NEAREST NEIGHBORS SEARCH Algo-rithm in �p

1: function FIND-EXACT-KNN(q, S, k)2: N = ∅ � Candidate neighbors set3: hlast = −14: repeat5: (s, h)← TCAMLOOKUP(q, S)

� returns the datapoint and correponding edge length6: if |N | < k or hlast = −1 or h = hlast then7: N ← N ∪N (s, h)8: hlast ← h9: end if

10: until |N | � k and h > hlast

11: R← argminks′∈N Dp(s′, q) � k min-distance points

12: return R13: end function

norm in the dq-dimensional space. Namely, for a p-norm,

D(a, b)|Dq =

⎛⎝ ∑

i∈Dq

|ai − bi|p⎞⎠

1/p

.

This problem is useful when some features in the vector arenot important for a specific query or user, and in traditionalcomputing models it is known to be more difficult [67] thanthe nearest neighbor problem, where all relevant dimensionsare given a-priori. For example, LSH (and its extension toTCAMs, TLSH [7]) cannot be used to solve this problem.However, our solution for the NN problem can be usedinstantly to solve the partial match problem.

Under the maximum norm �∞, a PARTIAL MATCH solutionis to replace, in the queries, all the bits corresponding tocoordinates in irrelevant dimensions with * bits. We replacecoordinates in queries and not for data point, as the relevantdimensions are selected per query. This technique works bothfor our time-efficient and memory-efficient methods.

For �p, our solution results in p√

dq approximation, where dq

is the dimension of the specific query. The extensionsto EXACT NEAREST NEIGHBOR SEARCH and k–NEAREST

NEIGHBORS SEARCH, as described in Section V-B, work alsofor this problem. The neighborhood sets are precomputedon the d-dimensional space, but queries and distance com-putations after queries are done on the specific dq dimen-sional space. The results are still correct as distances inthe dq-dimensional space are bounded by distances in thed-dimensional space.

D. Geometric Clustering on TCAM

Another closely related problem that could benefit fromusing TCAM with RENÉ is high-dimensional geometricclustering. The k-MEANS CLUSTERING problem, for exam-ple, is usually solved as a sequence of nearest-neighborsearch problems, each of these consists of a database with kd-dimensional points [68].

Algorithm 6 shows how the traditional k-MEANS CLUS-TERING algorithm can be implemented on TCAM using our


Algorithm 6 k-MEANS CLUSTERING Algorithm on TCAM1: function FIND-K-MEANS(S, k)2: changed← false3: t← 14: Randomly select D ← {d1, . . . , dk} ⊆ S (|D| = k)5: for i← 1 to k do6: Ci

0 ← ∅7: Ci

1 ← ∅8: end for9: repeat

10: Clear TCAM11: for h← 1 to H do12: for i← 1 to k do13: Add tcode (di, h) to end of TCAM14: end for15: end for16: for each s ∈ S do17: di ← query TCAM with tcode (s)18: if s /∈ Ci

t−1 then19: changed← true20: Ci

t ← Cit ∪ {s}

21: end if22: end for23: if changed then24: for i← 1 to k do25: di ← center of Ci

t

26: Cit+1 ← ∅

27: end for28: t← t + 129: changed← false30: end if31: until changed = false32: return D = {d1, . . . , dk}33: end function

encoding function tcode , under �∞ norm. As k is usuallymuch smaller than the number of points, this solution requiresrelatively low TCAM space. Still, a standard TCAM cansupport up to thousands of clusters using this algorithm.

E. Evaluation and Experimental Results

We evaluate our nearest-neighbor algorithms using an imagesimilarity search application (using GIST [69] descriptors),on a real-life image dataset [70]. We then compare the resultsand performance with prior-art solutions. Our evaluation isbased both on experiments with real-life TCAM devices andsimulations. Each image in the dataset was encoded as aGIST vector in R

512, downsampled to R40 and quantified

to {0, . . . , 255}40 before performing search. Images wererandomly partitioned to a dataset of 21, 019 images a queryset of 1, 000 images.

1) Experiment With a TCAM Device: Since there is noevaluation board for such devices, we used a commoditynetwork switch (Quanta T1048-LB9) that contains a TCAMfor our experiment (similarly to [7]). This switch has 481 Gbps ports, each handling at most 1.5M packets per second.

Fig. 9. Throughput comparison of the various algorithms for solving thenearest neighbor problem, as a function of the size of the search database.Throughput of TCAM-based algorithms is simulated based on 360 MHzTCAM throughput. We denote TLSH with one TCAM lookup per r-NearNeighbor Report Problem instance as time-efficient, and TLSH with log(1/ε)TCAM lookups per instance as space-efficient.

TCAM is used for packet classification for OpenFlow 1.3.Using the OpenFlow interface to the switch, we mapped eachentry produced by our algorithms to a set of header fields.A commercial traffic generator injected manually crafted pack-ets that contain the queries in their headers, where each queryis broken into header fields in the same way TCAM entriesare stored.

We verified correctness by counting the number of matchesof each TCAM entry. Using one ingress port the switcheasily achieved a throughput of 1.5M queries per second,which is the upper bound of the link between the trafficgenerator and the switch (but not of the TCAM). Using24 ingress ports we achieved throughput of 35.69M queriesper second (almost 1.5M×24). Hence, the bottleneck was notin the TCAM: If we had more ports we could have reachedmuch higher throughput, as contemporary TCAM devices arecapable of query throughput of 360M to 1.6 billion queriesper second [38], [39].

2) Simulation Results: We compared our results to theresults of brute-force exact nearest neighbor (using MAT-LAB or on GPU [37]), locality sensitive hashing [33], [51](using implementation from [71]), and TLSH [7]. LSH approx-imated results in �2 were comparable to our approximatedresults in �2 only when LSH used the most complex hashfunctions, or when used very large bins. Both options meanlonger computation time due to either more complex hashcomputation or much more distance computations.

Figure 9 presents a comparison of the throughput (queriesper second) of CPU implementations of LSH [71], GPU imple-mentation [37], TLSH [7] simulation, and RENÉ simulation.Each line in the figure presents the throughput of a singlealgorithm/implementation, as a function of the number of datapoints in the dataset.4

For the TCAM simulations we used a software simulationwith unbounded memory limits for the TCAM, 360MHzthroughput, with 50 cycles latency per query.

4LSH implementations were ran on an Intel Core i7 2600 3.4GHz CPU.We used the same dataset and queries for our algorithms, LSH and TLSH.TCAM algorithms used 10 different cube sizes. GPU throughput is as reportedin [37] for the closest lower values of n and d.


The required TCAM space for our space efficient methodis 8M bits and for our time efficient method with 10 differentcube sizes is 80M bits, with 440 bits wide entries. Theserequirements are available in most modern TCAM devices.TLSH requires much higher TCAM capacity and much widerTCAM entries.

3) Geometric Clustering Analysis: In this section we ana-lyze the running time of Algorithm 6. We define i to bethe number of iterations until convergence, Tc as the timefor completing a single TCAM cycle, T� as the number ofcycles required for TCAM to complete a request,5 and Tclear

as the time to clear the whole TCAM. Given the set of pointsS, the set of edge lengths H and the number of clusters k,the running time of the algorithm is:

Θ(i · (Tc · (k|H|+ T� · (1 + |S|)) + Tclear))

4) Comparison to TLSH: As recalled, Shinde et al. [7]were the first to suggest using TCAM for nearest neighborsearch. They use a ternary variant of the Locality SensitiveHashing, called TLSH, to provide a probabilistic solution forthe nearest neighbor problem. The main advantages of ouralgorithms over TLSH are that our time-efficient algorithmsolves multiple instances of the r-NEAR-NEIGHBOR REPORT

PROBLEM in a single TCAM lookup, while TLSH requires|H| lookups (hence the factor of 10 difference in the resultspresented in Figure 9), and that the TCAM space requirements,and specifically and more importantly TCAM entry widthrequirement, are lower in at least one order of magnitudethan those of TLSH. Furthermore, our algorithms providedeterministic results and are not subject to probabilistic errors,and they allow database hot updates.

VI. CONCLUSION

While the problem of range encoding on TCAM has beendeeply investigated over recent years, the proven theoreticallimits on the number of bits one must use have divertedresearchers to use row expansion. However, row expansioncauses exponential increment in the number of TCAM entries.New applications such as SDN implementations for loadbalancing, security tools, and NFV frameworks use more thana few range fields. Thus, row expansion makes solutions thatuse it impractical.

In this paper we introduce the sub-problem of short rangeencoding, and we show that the theoretical limits on thenumber of required bits can be lowered in this situation.We present RENÉ: An encoding scheme for short ranges,and show that it is closer to the lower bound than any othertechnique. We then present multiple applications that maybenefit from such short range encoding, in the area of packetclassification. Furthermore, we propose to use TCAM as a co-processor for solving problems outside of the networking field,such as the nearest neighbor problem and its variants, whichso far has been known to take very long time to compute.We show that using TCAM, one could solve such problemsin much higher rates than previously suggested solutions,and outperform known lower bounds in traditional memorymodels.

5TCAM works in a pipeline, where a request is processed over multiplecycles, but at each cycle a new request may begin.

REFERENCES

[1] W. Jiang, Q. Wang, and V. K. Prasanna, “Beyond TCAMs: An SRAM-based parallel multi-pipeline architecture for terabit IP lookup,” in Proc.INFOCOM, 2008, pp. 1786–1794.

[2] V. C. Ravikumar and R. Mahapatra, “TCAM architecture for IP lookupusing prefix properties,” IEEE Micro, vol. 24, no. 2, pp. 60–69,Mar./Apr. 2004.

[3] OpenFlow Switch Specification Version 1.3.2, Open Netw. Found.,Menlo Park, CA, USA, Apr. 2013.

[4] A. Bremler-Barr, D. Hay, and Y. Koral, “CompactDFA: Scalable patternmatching using longest prefix match solutions,” IEEE/ACM Trans. Netw.,vol. 22, no. 2, pp. 415–428, Apr. 2014.

[5] A. Goel and P. Gupta, “Small subset queries and bloom filters usingternary associative memories, with applications,” in Proc. SIGMETRICS,2010, pp. 143–154.

[6] M. Moshref, M. Yu, R. Govindan, and A. Vahdat, “DREAM: Dynamicresource allocation for software-defined measurement,” in Proc.SIGCOMM, 2014, pp. 419–430.

[7] R. Shinde, A. Goel, P. Gupta, and D. Dutta, “Similarity search andlocality sensitive hashing using ternary content addressable memories,”in Proc. SIGMOD, 2010, pp. 375–386.

[8] ETSI. (Oct. 2012). Network Function Virtualization. [Online]. Available:http://portal.etsi.org/NFV/NFV_White_Paper.pdf

[9] R. Wang, D. Butnariu, and J. Rexford, “OpenFlow-based server loadbalancing gone wild,” in Proc. Hot-ICE, 2011, p. 12.

[10] Radware. (2014). DefenseFlow—SDN Applications and DDoS AttackDefense. [Online]. Available: http://www.radware.com/Products/DefenseFlow/

[11] M. S. Seddiki et al., “FlowQoS: QoS for the rest of us,” in Proc.HotSDN, 2014, pp. 207–208.

[12] V. Srinivasan, G. Varghese, S. Suri, and M. Waldvogel, “Fast andscalable layer four switching,” in Proc. SIGCOMM, 1998, pp. 191–202.

[13] E. Spitznagel, D. Taylor, and J. Turner, “Packet classification usingextended TCAMs,” in Proc. ICNP, 2003, pp. 120–131.

[14] K. Lakshminarayanan, A. Rangarajan, and S. Venkatachary, “Algo-rithms for advanced packet classification with ternary CAMs,” in Proc.SIGCOMM, 2005, pp. 193–204.

[15] A. Bremler-Barr and D. Hendler, “Space-efficient TCAM-based classi-fication using Gray coding,” in Proc. INFOCOM, 2007, pp. 1388–1396.

[16] Y.-K. Chang and C.-C. Su, “Efficient TCAM encoding schemes forpacket classification using Gray code,” in Proc. GLOBECOM, 2007,pp. 1834–1839.

[17] H. Che, Z. Wang, K. Zheng, and B. Liu, “DRES: Dynamic rangeencoding scheme for TCAM coprocessors,” IEEE Trans. Comput.,vol. 57, no. 7, pp. 902–915, Jul. 2008.

[18] H. Liu, “Efficient mapping of range classifier into ternary-CAM,” inProc. 10th Symp. High Perform. Interconnects, 2002, pp. 95–100.

[19] J. V. Lunteren and T. Engbersen, “Fast and scalable packet classifi-cation,” IEEE J. Sel. Areas Commun., vol. 21, no. 4, pp. 560–571,May 2003.

[20] A. Bremler-Barr, D. Hay, and D. Hendler, “Layered interval codesfor TCAM-based classification,” Comput. Netw., vol. 56, no. 13,pp. 3023–3039, Sep. 2012.

[21] O. Rottenstreich, I. Keslassy, A. Hassidim, H. Kaplan, and E. Porat, “Onfinding an optimal TCAM encoding scheme for packet classification,”in Proc. INFOCOM, 2013, pp. 2049–2057.

[22] Q. Dong, S. Banerjee, J. Wang, D. Agrawal, and A. Shukla, “Packetclassifiers in ternary CAMs can be smaller,” in Proc. SIGMETRICS,2006, pp. 311–322.

[23] C. R. Meiners, A. X. Liu, and E. Torng, “TCAM Razor: A systematicapproach towards minimizing packet classifiers in TCAMs,” in Proc.ICNP, Oct. 2007, pp. 266–275.

[24] C. R. Meiners, A. X. Liu, and E. Torng, “Topological transformationapproaches to optimizing TCAM-based packet classification systems,”in Proc. SIGMETRICS, 2009, pp. 73–84.

[25] J. S. Beis and D. G. Lowe, “Shape indexing using approximate nearest-neighbour search in high-dimensional spaces,” in Proc. IEEE Comput.Soc. Conf. Comput. Vis. Pattern Recognit., Jun. 1997, pp. 1000–1006.

[26] M. Brown and D. G. Lowe, “Recognising panoramas,” in Proc. ICCV,vol. 3. 2003, p. 1218.

[27] L. Liang, C. Liu, Y.-Q. Xu, B. Guo, and H.-Y. Shum, “Real-time texturesynthesis by patch-based sampling,” ACM Trans. Graph., vol. 20, no. 3,pp. 127–150, 2001.

[28] J. Philbin, O. Chum, M. Isard, J. Sivic, and A. Zisserman, “Objectretrieval with large vocabularies and fast spatial matching,” in Proc.CVPR, 2007, pp. 1–8.


[29] D. G. Lowe, “Object recognition from local scale-invariant features,”in Proc. 7th IEEE Int. Conf. Comput. Vis., vol. 2. Sep. 1999,pp. 1150–1157.

[30] H. Samet, Foundations of Multidimensional and Metric Data Structures.San Mateo, CA, USA: Morgan Kaufmann, 2006.

[31] J. L. Bentley, “Multidimensional divide-and-conquer,” Commun. ACM,vol. 23, no. 4, pp. 214–229, 1980.

[32] N. Beckmann, H.-P. Krıegel, R. Schneider, and B. Seeger,“The R*-tree: An efficient and robust access method for pointsand rectangles,” in Proc. ACM Sigmod Rec., 1990, vol. 19. no. 2,pp. 322–331.

[33] A. Andoni and P. Indyk, “Near-optimal hashing algorithms for approx-imate nearest neighbor in high dimensions,” Commun. ACM, vol. 51,no. 1, pp. 117–122, Jan. 2008.

[34] R. Weber, H.-J. Schek, and S. Blott, “A quantitative analysis andperformance study for similarity-search methods in high-dimensionalspaces,” in Proc. VLDB, 1998, pp. 194–205.

[35] M. Muja and D. G. Lowe, “Fast approximate nearest neighborswith automatic algorithm configuration,” in Proc. VISAPP, 2009,pp. 331–340.

[36] F. Gray, “Pulse code communication,” U.S. Patent 2 632 058 A,Mar. 17, 1953.

[37] V. Garcia, É. Debreuve, F. Nielsen, and M. Barlaud, “K-nearest neigh-bor search: Fast GPU-based implementations and application to high-dimensional feature matching,” in Proc. ICIP, 2010, pp. 3757–3760.

[38] Renesas Electronics America Inc. 20 Mbit QUAD-Search ContentAddressable Memory. Accessed: Jul. 11, 2016. [Online]. Available:http://www.renesas.com/products/memory/TCAM/index.jsp

[39] C. Inc. (2014). NEURON Search Processors. [Online]. Available:http://www.cavium.com/processor_NEURON-Search.html

[40] I. Corp. (2011). Intel Xeon Processor E7-4870. [Online]. Available:http://ark.intel.com/products/53579/

[41] Nvidia. (Nov. 2014). Tesla K80 GPU Accelerator. [Online].Available: http://international.download.nvidia.com/pdf/kepler/BD-07317-001_v04.pdf

[42] O. Rottenstreich and I. Keslassy, “Worst-case TCAM rule expansion,”in Proc. INFOCOM, 2010, pp. 1–5.

[43] O. Rottenstreich and I. Keslassy, “On the code length of TCAM codingschemes,” in Proc. ISIT, 2010, pp. 1908–1912.

[44] K. Kogan, S. I. Nikolenko, O. Rottenstreich, W. Culhane, and P. Eugster,“Exploiting order independence for scalable and expressive packetclassification,” IEEE/ACM Trans. Netw., vol. 24, no. 2, pp. 1251–1264,Apr. 2016.

[45] K. Kogan, S. I. Nikolenko, P. Eugster, A. Shalimov, and O. Rottenstreich,“Efficient FIB representations on distributed platforms,” IEEE/ACMTrans. Netw., vol. 25, no. 6, pp. 3309–3322, Dec. 2017.

[46] K. Kogan, S. Nikolenko, O. Rottenstreich, W. Culhane, and P. Eugster,“SAX-PAC (scalable and expressive packet classification),” in Proc.SIGCOMM, 2014, pp. 15–26.

[47] C. R. Meiners, A. X. Liu, and E. Torng, “Bit Weaving: A non-prefixapproach to compressing packet classifiers in TCAMs,” in Proc. ICNP,2009, pp. 93–102.

[48] K. Zheng, H. Che, Z. Wang, B. Liu, and X. Zhang, “DPPC-RE: TCAM-based distributed parallel packet classification with range encoding,”IEEE Trans. Comput., vol. 55, no. 8, pp. 947–961, Aug. 2006.

[49] C. R. Meiners, A. X. Liu, E. Torng, and J. Patel, “Split: Optimizingspace, power, and throughput for TCAM-based classification,” in Proc.ANCS, 2011, pp. 200–210.

[50] Y. Afek, A. Bremler-Barr, and L. Schiff, “Recursive design of hardwarepriority queues,” in Proc. SPAA, 2013, pp. 23–32.

[51] P. Indyk and R. Motwani, “Approximate nearest neighbors: Towardsremoving the curse of dimensionality,” in Proc. STOC, 1998,pp. 604–613.

[52] J. L. Bentley, “Multidimensional binary search trees used for associativesearching,” Commun. ACM, vol. 18, no. 9, pp. 509–517, 1975.

[53] S. Dasgupta and Y. Freund, “Random projection trees and low dimen-sional manifolds,” in Proc. STOC, 2008, pp. 537–546.

[54] A. Gionis, P. Indyk, and R. Motwani, “Similarity search in highdimensions via hashing,” in Proc. VLDB, 1999, pp. 518–529.

[55] Q. Lv, W. Josephson, Z. Wang, M. Charikar, and K. Li, “Multi-probeLSH: Efficient indexing for high-dimensional similarity search,” in Proc.VLDB, 2007, pp. 950–961.

[56] Y. Tao, K. Yi, C. Sheng, and P. Kalnis, “Quality and efficiency inhigh dimensional nearest neighbor search,” in Proc. SIGMOD, 2009,pp. 563–576.

[57] V. Garcia, E. Debreuve, and M. Barlaud, “Fast k nearest neigh-bor search using GPU,” in Proc. IEEE CVPR, Jun. 2008, pp. 1–6,doi: 10.1109/CVPRW.2008.4563100.

[58] S. Liang, C. Wang, Y. Liu, and L. Jian, “CUKNN: A parallel implemen-tation of K-nearest neighbor on CUDA-enabled GPU,” in Proc. YC-ICT,2009, pp. 415–418.

[59] J. Pan and D. Manocha, “Fast GPU-based locality sensitive hashing forK-nearest neighbor computation,” in Proc. GIS, 2011, pp. 211–220.

[60] P. Bosshart et al., “P4: Programming protocol-independent packetprocessors,” Comput. Commun. Rev., vol. 44, no. 3, pp. 87–95, 2014.

[61] Radware. (Oct. 2014). Tsunami SYN Flood Attack—A New Trend inDDoS Attacks? [Online]. Available: http://blog.radware.com/security/2014/10/tsunami-syn-flood-attack/

[62] G. Pazi, A. Bremler-Bar, R. Rivlin, and D. Touitou, “Protecting againstdistributed denial of service attacks,” U.S. Patent 2003 0 110 274 A1.Jun. 12, 2003. [Online]. Available: http://www.google.com/patents/US20030110274

[63] C. Jin, H. Wang, and K. G. Shin, “Hop-count filtering: An effectivedefense against spoofed DDoS traffic,” in Proc. CCS, 2003, pp. 30–41.

[64] A. Gupta et al., “SDX: A software defined internet exchange,” in Proc.SIGCOMM, 2014, pp. 551–562.

[65] AS Names—CIDR Report. Accessed: Jan. 29, 2018. [Online]. Available:http://www.cidr-report.org/as2.0/autnums.html

[66] (2014). Ryu SDN Controller. [Online]. Available: http://osrg.github.io/ryu/

[67] A. Borodin, R. Ostrovsky, and Y. Rabani, “Lower bounds for highdimensional nearest neighbor search and related problems,” in Proc.STOC, 1999, pp. 312–321.

[68] S. P. Lloyd, “Least squares quantization in PCM,” IEEE Trans. Inf.Theory, vol. IT-28, no. 2, pp. 129–137, Mar. 1982.

[69] A. Oliva and A. Torralba, “Modeling the shape of the scene: A holisticrepresentation of the spatial envelope,” Int. J. Comput. Vis., vol. 42,no. 3, pp. 145–175, 2001.

[70] B. C. Russell, A. Torralba, K. P. Murphy, and W. T. Freeman, “LabelMe:A database and Web-based tool for image annotation,” Int. J. Comput.Vis., vol. 77, nos. 1–3, pp. 157–173, 2008.

[71] M. Aly, M. Munich, and P. Perona, “Indexing in large scale imagecollections: Scaling properties and benchmark,” in Proc. WACV, 2011,pp. 418–425.

Anat Bremler-Barr received the Ph.D. degree(Hons.) in computer science from Tel Aviv Uni-versity, Tel Aviv, Israel. In 2001, she co-foundedand was the Chief Scientist of Riverhead Networks,Inc. (acquired by Cisco Systems in 2004), whichprovided systems to protect from denial-of-serviceattacks. She then joined the Interdisciplinary Cen-ter Herzliya, Herzliya, Israel, in 2004, where sheco-founded (with Prof. D. Hay) the DEEPNESSLaboratory (funded by an ERC starting grant) thatfocuses on designing deep packet inspection for

next-generation network devices. She is currently an Associate Professorwith the School of Computer Science, Interdisciplinary Center Herzliya. Herresearch interests include computer networks and network security.

Yotam Harchol received the Ph.D. degree from theHebrew University of Jerusalem, Israel, in 2017.Before joining the University of California atBerkeley (UC Berkeley), Berkeley, CA, USA, hewas a Post-Doctoral Researcher with VMwareResearch. He is currently a Post-Doctoral Scholar(with Prof. S. Shenker) with the Department ofElectrical Engineering and Computer Science, UCBerkeley. His research interests include software-defined networking, network security, and high-performance algorithms for network middleboxes.

He was the recipient of the Intel Award for Graduate Students in 2010,the Hammer Fellowship for Master Students in 2009, and the Chais Scholar-ship for Social Leadership in 2007.


David Hay received the B.A. degree (summa cumlaude) and the Ph.D. degree in computer sciencefrom the Technion Israel Institute of Technology,Haifa, Israel, in 2001 and 2007, respectively. In addi-tion, he was with: the IBM Haifa Research Laborato-ries, Haifa; Cisco Systems, San Jose, CA, USA; theElectronic Department, Politecnico di Torino, Turin,Italy; and the Electrical Engineering Departmentwith Columbia University, New York, NY, USA.In 2010, he co-founded (with Prof. A. Brembler-Barr) the DEEPNESS laboratory, focusing on deep

packet inspection in next-generation network devices. He is currently anAssociate Professor with The Rachel and Selim Benin School of ComputerScience and Engineering, The Hebrew University of Jerusalem, Jerusalem,Israel. His research interests include computer networks in particular, networkalgorithmics, packet classification, deep packet inspection, network survivabil-ity, and software-defined networking.

Yacov Hel-Or received the Ph.D. degree in com-puter science from the The Hebrew University ofJerusalem. He was a Visiting Scientist with GoogleInc. and a Research Scientist with Amazon from2016 to 2018. Prior to this, he held post-doctoralpositions with the Weizmann Institute of Scienceand the NASA Ames Research Center, California.He is currently a Faculty Member with the Schoolof Computer Science, Interdisciplinary Center Her-zliya, Israel. His main research interests includecomputer vision, image processing, and computergraphics.

Date post:	11-Mar-2020
Category:	Documents
Upload:	others
View:	18 times
Download:	0 times

IEEE/ACM TRANSACTIONS ON NETWORKING, VOL. 26, NO. 2, … · IEEE/ACM TRANSACTIONS ON NETWORKING,...

Documents